big_al Posted February 15, 2009 Share Posted February 15, 2009 Hi all, I am pretty new to php and i am setting up a site with a form that users can fill in and the results are emailed to me, (name, address, contact details etc.) The email comes through fine but the script is only requesting the details from the first form box (surname) does anyone know what extra script i need to include so the script gathers data for all the boxes on my form? Below is a copy of the script: <?php $email = $_REQUEST['email'] ; $message = $_REQUEST['surname'] ; mail( "[email protected]", "Feedback Form Results", $message, "From: $email" ); header( "Location: http://www.somewhere.com/thank-you.html" ); ?> Link to comment https://forums.phpfreaks.com/topic/145285-e-mailing-an-online-form/ Share on other sites More sharing options...
dtyson2000 Posted February 15, 2009 Share Posted February 15, 2009 It would be a big help to see what your form looks like, although it is likely that all you need to do is set your other form variables, i.e.: <?php $email = $_REQUEST['email']; $surname = $_REQUEST['surname']; // make this its own variable $comment = $_REQUEST['comment']; // and/or whatever other variables you have $message = "$surname wrote:\n\n $comment"; // use this to combine all variables into a message mail( "[email protected]", "Feedback Form Results", $message, "From: $email" ); header( "Location: http://www.somewhere.com/thank-you.html" ); ?> "\n" is a simple line break. I don't know what your specific use for the mail() function is (part of a larger project?) but I have opted, in the past, to use a simple database in cases where I want to gather user comments. It helps to keep all of that info in one place, making it easily accessible and I don't have to worry about the other issues associated with the mail() function. At any rate, I would really recommend, if you haven't already done it, placing some security checks on the form data in your script to protect against injection attempts. Link to comment https://forums.phpfreaks.com/topic/145285-e-mailing-an-online-form/#findComment-762739 Share on other sites More sharing options...
MatthewJ Posted February 15, 2009 Share Posted February 15, 2009 You shouldn't user $_REQUEST... use $_POST or $_GET And would that be "email injection"? Data only needs to be escaped when using it with a query, not gathering it to email Link to comment https://forums.phpfreaks.com/topic/145285-e-mailing-an-online-form/#findComment-762745 Share on other sites More sharing options...
dtyson2000 Posted February 15, 2009 Share Posted February 15, 2009 You shouldn't user $_REQUEST... use $_POST or $_GET And would that be "email injection"? Data only needs to be escaped when using it with a query, not gathering it to email Yep. You're right. I wasn't thinking but mindlessly copying and pasting. Definitely use $_POST in place of $_REQUEST. And yes, regarding "injection/email injection", you're also right. I just assumed that, because we were talking about a mail script, the injection type that I mentioned would be clear. However, it is very important that one sanitize the data being sent through one's mail script (i.e. check for header injections and, if present, kill the script), lest the script becomes a spammer's playground. Link to comment https://forums.phpfreaks.com/topic/145285-e-mailing-an-online-form/#findComment-762755 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.